
Gizmo’s Freeware, a non-commercial community website staffed entirely by volunteers, published an article about Colasoft Capsa on Mar. 6, 2014, which reviewed Colasoft Capsa as the friendliest network traffic monitor ever.

Here’s the review written by Rob Schifreen.

If you’ve ever wanted to be able to view a log of all the data that passes through your PC’s network connection (either wired or wifi), you may know that this is possible with a network protocol analyzer utility. Such programs let you find out who your PC’s been talking to, and what was said. You can view the content of every packet of data that travels to/from your PC and all of the remote computers and websites that you connect to.

By far the best-known of the network protocol analyzer software products is Wireshark. It’s powerful, free, and does the job. However, it also has a very steep learning curve and is far from intuitive to use.

Which is why I was so impressed to learn about a product recently called Capsa, which does a similar job but is way more friendly and much easier to understand. Capsa is from Colasoft, and you’ll find it at http://www.colasoft.com/capsa-free/. Considering the full Enterprise version costs around $1000, the free no-commercial-use version, which offers pretty much all the features you’ll need, is a bargain.

It’s a 20 MB download, malware-free according to VirusTotal, and should work on all recent versions of Windows. So next time you need to know what’s eating up all the network bandwidth on a computer, or precisely what information a certain application is sending out about your PC, you can track it down with Capsa.

The article was written by Ericka Chickowski. An award-winning freelance writer, Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading. Chickowski’s perspectives on business and technology have also appeared in dozens of trade and consumer magazines, including Channel Insider, Consumers Digest, Entrepreneur, InformationWeek, Network Computing and SC Magazine. (Information from http://www.networkcomputing.com)

Ericka Chickowski recommended 10 free network analysis tools in her article; the first one is Capsa Free.

This is how Ericka Chickowski describes Capsa Free.

“Capsa Free is a network analyzer designed for monitoring, troubleshooting and analysis, Capsa Free from Colasoft provides the capability to identify and monitor more than 300 different protocols. Users can record network profiles, create customizable reports and set customizable alarm trigger combinations. Additionally, Capsa offers MSN and Yahoo Messenger monitoring statistics, email monitoring and auto-saving of email content and an easy-to-use TCP timing sequence chart.” (Actually Capsa can identify and monitor more than 400 different protocols now.)

When analyzing a network problem with a network analyzer or protocol sniffer, especially when we spot suspicious worm or backdoor activity, the capture gives us only information such as MAC addresses, IP addresses and the transport-layer port number. The analyzer may not even know which application-layer protocol is in use, and even if it does, we still need to figure out which application or process is using that protocol. Is there a way to find the application or process behind that TCP or UDP port? If you are conducting an on-site analysis, Capsa can easily help find out which process is using which port. Let’s see how.

Find out Port Number

For example, I spotted the following suspicious TCP connection in Capsa Free, which constantly communicates with IP xx.xx.0.183 on port 8000. So I’m going to look up the name of the process using this port.

Find Process ID (PID)

At once I invoked Command Prompt, entered the following string and hit Enter.

We can read that in this case 3968 is the PID, and the source IP address and the target address are the same as in the first figure.

Find Process/Application

Next we’ll switch to another tool, Process Explorer (a free tool that you can get from http://technet.microsoft.com/en-us/sysinternals/bb896653). There we can easily find the process or application with this PID: 3968.

I’m sure it’s an instant messenger used internally in my office and it’s safe. You can also try to find this PID in Windows Task Manager if you don’t have Process Explorer installed.

However, Task Manager will not provide as much information as Process Explorer. And Command Prompt is quite handy for geeks.

tasklist | findstr 3968

This command will list only the task items containing the string 3968. Please refer to the previous command if you are not sure about the | findstr parameter.

Kill Process/Application

Next, you may want to kill a process at once when you find it’s malicious. In Process Explorer, just right-click the process item and choose Kill Process (or press the Del key as a shortcut); you can do the same in Task Manager. Alternatively, run the following in Command Prompt:

taskkill /F /PID 3968

Explanation:

/F forces the process to terminate. And I suppose you understand PID by now.

We have now identified and targeted the suspicious process from a specific port number, whether UDP or TCP. And of course this procedure works in reverse: you can find out the port number from the process’s PID.
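
The port-to-process lookup walked through above, as a PowerShell function for Windows 8 / Server 2012 or later (an added example, not part of the original article or Colasoft's tooling). Get-PortOwner and its output field names are hypothetical; the cmdlets it calls are built in, and port 8000 is the article's example.

```powershell
# Added example. Get-PortOwner is a hypothetical helper name, not a built-in cmdlet.
function Get-PortOwner {
    param([Parameter(Mandatory)][int]$Port)

    # TCP: the port may be on the local or the remote side of the connection.
    $rows = @(Get-NetTCPConnection -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -eq $Port -or $_.RemotePort -eq $Port } |
        ForEach-Object {
            [pscustomobject]@{
                Proto  = 'TCP'; State = "$($_.State)"; ProcId = $_.OwningProcess
                Local  = "$($_.LocalAddress):$($_.LocalPort)"
                Remote = "$($_.RemoteAddress):$($_.RemotePort)"
            }
        })
    # UDP is connectionless: only a local endpoint is recorded, no remote side.
    $rows += @(Get-NetUDPEndpoint -LocalPort $Port -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Proto  = 'UDP'; State = ''; ProcId = $_.OwningProcess
                Local  = "$($_.LocalAddress):$($_.LocalPort)"; Remote = ''
            }
        })

    foreach ($r in $rows) {
        # Sockets in TIME_WAIT are reported with PID 0: the owner has already exited.
        $p = Get-CimInstance Win32_Process -Filter "ProcessId = $($r.ProcId)" -ErrorAction SilentlyContinue
        $parent = if ($p) { Get-Process -Id $p.ParentProcessId -ErrorAction SilentlyContinue }
        # ExecutablePath and CommandLine come back empty for other users'
        # processes unless the shell is elevated.
        $sig = if ($p.ExecutablePath) {
            (Get-AuthenticodeSignature -FilePath $p.ExecutablePath).Status
        } else { 'unknown' }

        [pscustomobject]@{
            Proto       = $r.Proto; Local = $r.Local; Remote = $r.Remote; State = $r.State
            ProcId      = $r.ProcId; Name = $p.Name
            Path        = $p.ExecutablePath
            CommandLine = $p.CommandLine
            Parent      = $parent.ProcessName
            Signature   = $sig
        }
    }
}

# Port 8000 is the port of the suspicious connection in the walkthrough above.
Get-PortOwner -Port 8000 | Format-List
```

Recording the path, command line, parent and signature before running taskkill preserves what an investigation needs once the process is gone.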

When a program has a “free” edition, very often, it is just a demo without a time limit, offering only enough functionality to get you to buy the “real” version. Capsa 7 Free is not such a program; it’s a full-featured network traffic monitoring and reporting tool. The features you get for free, without a time limit or unceasing nags, are exceptional.

This high level overview is just the start of Capsa Free; you can drill down very deep to learn more about your network.

Capsa Free provides an ongoing look at everything that passes through a selected network adapter. (This is one of the few limitations of the Free version vs. the Professional and Enterprise versions; you can analyze only one adapter at a time. For most home or small business users, this will not be an issue.) It breaks the data down by protocol and IP address, the latter of which is very interesting from a home user perspective–a day’s casual surfing, captured and analyzed by Capsa, revealed I contacted computers in over a hundred different nations. You can also set it to store packets, with a variety of options for how many to store and how long to keep them. Later, you can rummage through them with Capsa, if you know what you’re looking for (or just want to peek under the hood and understand more about what happens between when you type an address in your browser and when you see a picture of a cat appear on your screen).

For network administrators in small businesses, Capsa 7 Free is a potent tool with many analysis and testing abilities. With it, you can see what’s happening on your network, whether you want to monitor usage or determine if a connectivity problem really is on your end. You can hand-code packets and then send them to an adapter, in order to see what happens. The ability to set alarms if particular traffic patterns occur can help you see an attack coming and head it off, and there are tutorials on-line to help you do just that.

Capsa Free is a tool for professionals and enthusiasts. A casual home user will not find much use in Capsa Free, though, being free, it doesn’t hurt to check it out. Using it requires either a good knowledge of internet protocols and low level functionality, or a strong desire to learn such things. If most or all of your traffic routes through a single network adapter, you may never see a need to upgrade to the Professional edition, which starts at $549.00.

Colasoft, an innovative provider of all-in-one and easy-to-use network analyzer software, today announces the release of a free network analyzer, Capsa Free, which is fully functional with no expiry days. The intuitive, simple graphic network analyzer designed for personal and small business use is now totally free to the public. While Wireshark is regarded as the pioneer of the free network analyzer, Capsa is considered as the great combination of Wireshark and Polit, strong capturing ability plus powerful analyzing and reporting abilities. Seems unbelievable? Without any doubt, another great free network analyzer is born.

“Capsa Free is a great combination of powerful network monitoring, in-depth packet decoding, reliable network diagnosing, real-time alerting and thorough reporting ability, it provides you innovative solutions to numerous network problems”, said Roy, Luo, CEO of Colasoft, “as network security is becoming more and more important, by releasing the free but fully functional network analyzer, we are hoping to offer a great chance for small business and networking geeks to learn more about network analysis techniques. We believe there will be more and more network analysts, just like “doctors in networking”, more and more people are going to use an easy-to-use and powerful network management software. Capsa Free aims to fulfill our goal of largely promoting the popularization of network analysis techniques and maximizing the value of enterprise networks.”